CVE-2021-41041 – java-11-openj9,java-1_8_0-openj9: unverified methods can be invoked using MethodHandles
https://notcve.org/view.php?id=CVE-2021-41041
In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=579744 https://github.com/eclipse-openj9/openj9/pull/14935 https://access.redhat.com/security/cve/CVE-2021-41041 https://bugzilla.redhat.com/show_bug.cgi?id=2080954 • CWE-252: Unchecked Return Value CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-908: Use of Uninitialized Resource
CVE-2022-0673
https://notcve.org/view.php?id=CVE-2022-0673
A flaw was found in LemMinX in versions prior to 0.19.0. The flaw allows cache poisoning of external schema files due to directory traversal. • https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-0672
https://notcve.org/view.php?id=CVE-2022-0672
A flaw was found in LemMinX in versions prior to 0.19.0. An insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user. • https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-41040
https://notcve.org/view.php?id=CVE-2021-41040
In Eclipse Wakaama, from its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=577968 https://github.com/eclipse/wakaama/pull/640 • CWE-125: Out-of-bounds Read
CVE-2021-41039
https://notcve.org/view.php?id=CVE-2021-41039
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314 https://www.debian.org/security/2023/dsa-5511 • CWE-1050: Excessive Platform Resource Consumption within a Loop